Skip to main content

Phase 1 - Installation and Configuration

To be successful, you will need to design, articulate, and follow a rollout plan. This plan should document milestones, timeframes, and responsible stakeholders.

  • Create a success plan

    Success starts with defining what you need to accomplish to be successful. Start by documenting your desired outcomes and why you purchased Lifecycle. You will want to make this clear to all stakeholders so that they share your vision.

  • Identify key stakeholders

    Include the stakeholders in the success plan and make it public to the organization. Get the key individuals on the same page before they become roadblocks to the process. Executive sponsorship is required to drive early adoption.

  • Set project timelines and scope

    Decide your milestone dates early and document when they need to be pushed and why. Socialize and celebrate your milestones to keep stakeholders engaged with the process.

  • Determine metrics to track for success

    Start tracking your baseline metrics tied to your desired outcomes early. They will help you set reasonable goals to encourage real change in the organization. Share your metrics with all stakeholders so they are part of the success story.


  • Provision your hardware architecture

  • Install the IQ Server

  • Initialize Lifecycle

System Configuration

  • Configure user access

  • Determine notification strategy

  • Schedule maintenance plan

Application & Policy Configuration

  • Catalog your applications

    Map out the applications you want to scan with Sonatype Lifecycle.

  • Define appropriate Categories

    Group your applications into categories based on acceptable risk levels and user access.

  • Adjust your policies

    Change the policies for your lifecycle Organizations for that group's acceptable level of risk.

  • Set up proprietary components

    Sonatype won't have information on components developed by your teams. This lets you tell Lifecycle which components you've developed to remove noise from your scan results.

  • Ensure that your license threat groups are appropriate

    Adjust your License threat groups to suit your organization's legal standards. Note: this will need to be done in conjunction with your legal team.

  • Enhance your policies using labels

    Set up labels to help identify, track, and remediate components causing policy violations.

  • Test scan in sandbox organization/application

    Scan an application in your Sandbox Organization to ensure the software is set up correctly.

  • Legacy application policy waivers

    Decide on a strategy for dealing with the policy violations already present in your application.